Zum Hauptinhalt springen

CVE-2025-21502: Updated Container Image

Oracle has published a Security Advisories for Java as part of it's Januar 2025 Critical Patch Update Advisory that is relevant for INFOMOTION Data Management center under certain conditions:

  • Generally speaking, Java is not part of DMC itself, which is therefore not directly affected.
  • However, the pre-built container images we distribute since Release 2024.1 contain a Java Runtime Environment (Java version 17).

CVE-2025-21502 has been classified by Oracle as a low-impact and high-complexity attack on Java versions up to 17.0.13. Unfortunately, there is not enough information available yet to be able to asses if and how INFOMOTION Data Management Center might be affected by the issue in the underlying JRE.

As a precaution we are releasing an updated DMC version 2024.2.1.

In addition to two bugfixes (see release notes), the container images published for this patch update the JRE to version 17.0.14 which, according to the published information, is not affected by either CVE.

If you have further questions, please create a DMC support ticket via eMail.